-
Type: Bug
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: Internal Code, Security
-
Labels:None
-
Fully Compatible
-
ALL
-
Platforms 2016-09-19
If an LDAP query is constructed using regular expression substitution, and a component containing a backslash is inserted into the query, that component may be truncated.
For example, if query template is "cn={0},dc=mongodb,dc=com" and "jack\,sa" is substituted into the query the resulting query to be performed against the remote server should be "cn=jack\,sa,dc=mongodb,dc=com". We are instead producing "cn=jack,dc=mongodb,dc=com".
This should be fixed, because it's fairly easy to get escaped characters from queries performed during internal username to DN mapping.